This software implements other software; it is not very likely that it introduces new vulnerabilities.
The current major version is supported. For example, if the current version is 3.4.1:
| Version | Supported |
|---|---|
| v3.4.1 | ✅ |
| v3.4.x | ✅ |
| v3.x.x | ✅ |
| v2.0.0 | ❌ |
| v1.0.0 | ❌ |
Please report (suspected) security vulnerabilities to opensource@jonaspammer.at, preferably with a proof of concept.
You may use the following template for your e-mail (text in underscores (`_`) is meant as guidance for filling out the form and can be removed):

```markdown
## Severity

_One of Low, Moderate, High, Critical, or "Assess using Common Weakness Enumerator found in Reference"_

## CVE Identifier (https://cve.mitre.org/cve/search_cve_list.html)

None

## Description

## Reproduction

_Step-by-step instructions to reproduce the issue / Proof-of-concept / Any special configuration needed to reproduce / Exploit Code_

## Impact

_What kind of vulnerability is it (Injection, XSS, Overflow, ...)? Who is impacted?_

### Patches

_Has the problem been patched? What versions?_

### Workarounds

_Is there a way for the users to fix or remediate the vulnerability without upgrading?_

### References

_Are there any links the developer or users can visit to find out more?_
```
Non-vulnerability-related security issues, such as great new ideas for security features, are welcome on GitHub Issues.